I am getting the following error in a C code.
*** glibc detected *** : free(): invalid next size (fast)
I have pasted code here
Could anybody help me why I am getting this error.
Thanks in advance.
*** glibc detected *** ./bplus: free(): invalid next size (fast): 0x000000000077f1b0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7fae8e5615b6]
/lib/libc.so.6(cfree+0x73)[0x7fae8e567e83]
./bplus[0x401acf]
./bplus[0x401caf]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fae8e508c4d]
./bplus[0x400669]
Aborted
[EDIT 2]
For testing I am using printf in different regions. The program prints up to the line which is just above the line where the free function is called.
This bit of code is likely contributing to the problem (beginning at line 62):
    for (i = 0; i < order; i++) { /* Stores the leaf key pointer pairs and new key pointer pairs in order form in temp. storage */
        if (i == InsertionIndex) {
            i = i + 1;
        }
        temp_keys[i] = bplus_IndividualKeyBplus(bplusLeaf, j);
        temp_pointers[i] = bplus_IndividualPointersBplus(bplusLeaf, j);
        j = j + 1;
    }
If InsertionIndex is order-1, a pair of out-of-buffer writes occurs. Whatever immediately follows temp_keys and temp_pointers is stomped upon, undoubtedly part of the heap used to manage other heap objects.
The construction itself is suspicious. Review the intent of the code and fix.
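The index arithmetic described in the answer above, as an added example that is not part of the original answer or the asker's program. It assumes temp_keys and temp_pointers each hold order entries; count_oob_iterations and merge_keys are hypothetical names, the first replaying the loop's indices without writing memory and the second showing a bounds-checked merge.

```c
#include <stdio.h>

/* Replays the index arithmetic of the quoted loop without touching memory.
   Assumption: temp_keys and temp_pointers each hold `order` entries.
   Returns the number of iterations whose writes would land at index >= order. */
int count_oob_iterations(int order, int insertion_index)
{
    int oob = 0;
    for (int i = 0; i < order; i++) {
        if (i == insertion_index)
            i = i + 1;      /* skip the slot reserved for the new pair */
        if (i >= order)
            oob++;          /* temp_keys[i] and temp_pointers[i] are past the end */
    }
    return oob;
}

/* Bounds-checked alternative (hypothetical helper): merges n_old existing keys
   and new_key into out[cap], with new_key at insertion_index.
   Returns the number of entries written, or -1 if the request does not fit. */
int merge_keys(const int *old, int n_old, int new_key, int insertion_index,
               int *out, int cap)
{
    if (n_old < 0 || insertion_index < 0 || insertion_index > n_old ||
        n_old + 1 > cap)
        return -1;
    int j = 0;              /* source index advances only when an old key is copied */
    for (int i = 0; i <= n_old; i++)
        out[i] = (i == insertion_index) ? new_key : old[j++];
    return n_old + 1;
}

int main(void)
{
    int old[] = {10, 20, 30};   /* constructed sample leaf, order = 4 */
    int out[4];
    printf("oob iterations, index 1: %d\n", count_oob_iterations(4, 1));
    printf("oob iterations, index 3: %d\n", count_oob_iterations(4, 3));
    int n = merge_keys(old, 3, 40, 3, out, 4);
    for (int i = 0; i < n; i++)
        printf("%d ", out[i]);
    printf("\n");
    return 0;
}
```

Building the original program with -fsanitize=address, or running it under valgrind, reports the bad write at the loop itself rather than at the later free().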